A new study conducted by Bridewell Consulting has revealed that complying with regulations poses the most significant cybersecurity challenge for financial services firms in the UK. The research found that 44% of organizations in the financial sector listed compliance as one of the top five cyber challenges they currently face.
Following compliance, other major challenges identified by the survey participants included data protection and privacy (39%), supporting remote and hybrid working (39%), protecting critical assets (37%), and managing cloud cybersecurity (35%). These findings come in the wake of the EU’s Digital Operational Resilience Act (DORA) legislation coming into force in January 2025. The regulation aims to enhance cyber resilience in the financial sector and will apply to UK organizations operating within the EU.
Financial industry associations, such as the Financial Conduct Authority (FCA) in the UK, have also introduced new rules to ensure the security of third-party providers. Sam Thornton, the Chief Operating Officer at Bridewell, emphasized the importance of financial organizations prioritizing cyber resilience and viewing regulation as a key driver of cybersecurity maturity within the sector.
The report also highlighted supply chain attacks as the most challenging cyber threat to mitigate, with an average response time of nearly 16 hours. Due to the complexity of internal systems and the numerous software suppliers and partner organizations, managing supply chain risks proves to be particularly difficult for the financial sector.
In terms of response times, data theft or disclosure incidents took the second-longest amount of time to address (11 hours), followed by physical security breaches (8.6 hours), malware attacks (7.6 hours), ransomware incidents (6.71 hours), and Distributed Denial of Service (DDoS) attacks (6 hours).
The study also revealed that financial services firms are increasingly turning to artificial intelligence (AI) cybersecurity solutions to enhance their security measures. Approximately 33% of organizations are utilizing automated incident response solutions, while 31% have implemented chatbots and AI assistants to support their security functions. Additionally, 22% are using AI-powered threat intelligence platforms and secure access service edge technology.
Amidst rising concerns over cybersecurity threats, many financial firms expressed fear of nation-state attacks from countries such as Russia (70%), Iran (69%), and China (57%). The study also highlighted the potential risks associated with threat actors utilizing AI technology, with phishing attacks powered by AI identified as the most significant threat (89%), followed by AI-powered botnets (81%), automated hacking (80%), data poisoning (80%), and deepfakes (78%).
Overall, the research underscores the growing challenges and complexities faced by financial services firms in ensuring robust cybersecurity measures in an evolving regulatory landscape and increasingly digitalized environment. As cyber threats continue to evolve, organizations must prioritize cybersecurity resilience and leverage advanced technologies to protect their critical assets and data from malicious actors.